Discourse is an open-source discussion platform. Prior to version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This issue is patched in version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches. As a workaround, use the `disable_email` site setting to disable all emails to non-staff users.
References
| Link | Resource |
|---|---|
| https://github.com/discourse/discourse/commit/84c83e8d4a1907f8a2972f0ab44b6402aa910c3b | Patch, Third Party Advisory |
| https://github.com/discourse/discourse/security/advisories/GHSA-rqvq-94h8-p5wv | Third Party Advisory |
History
No history.
Information
Published : 2022-11-29 18:15
Updated : 2024-02-28 19:51
NVD link : CVE-2022-46150
Mitre link : CVE-2022-46150
CVE.ORG link : CVE-2022-46150
Products Affected
discourse
- discourse
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor